The process of identifying threat sources that have the potential to exploit some weakness in the information system. The following list of common threat sources should be evaluated:

Natural threats

Storms

Floods

Tornadoes

Hurricanes

Electrical storms

Earthquakes

Slides

Landslide

Avalanche

Temperature extremes

danger

Environmental threats

Power failures

Human threats

Unintentional

Data compromise

Intentional

Hacker/cracker

System intrusion

Defacement

Data compromise

Criminal

Bribery, extortion

System intrusion

Data compromise

Terrorist

Bribery, extortion

System intrusion

Data compromise

Information warfare

System disruption

Organizational disruption

Industrial espionage

System intrusion

Data compromise

Organizational disruption

Insiders

System intrusion

Data compromise

Organizational disruption

This threat analysis should be tailored to the individual organization and its environment and mission and the criticality and sensitivity of the data on the information system. In general, information, threat analysis, awareness and readiness are fairly high for natural threats and low for human sourced cyber threats.